Divide the password process to defend against attacks

By William Jackson

Oct 10, 2012

RSA, the Security Division of EMC, has announced a tool for protecting stored passwords using a new distributed cryptographic scheme that does away with trusted third parties for authenticating credentials by scrambling and storing them on separate servers.

Password servers, which can hold thousands of credentials for accessing accounts, can be gold mines for hackers and major headaches for any organizations that host sensitive applications — which is just about any government agency. No matter how strong the password, once it is stolen it can be used by an enemy.

And recent attacks by targeted persistent threats demonstrate that it is nearly impossible to ensure that a server is not breached once an attacker has set his sights on it.

So RSA’s Distributed Credential Protection (DCP) uses two servers so that breaching one produces no useable information. By comparing cryptographic values to authenticate a user, neither server ever holds the password. Information on the servers can be re-scrambled on the fly, making it difficult for an attacker to get useful information even if both servers are breached.

The idea of distributed cryptography has been around in various forms for at least 30 years, but RSA claims its DCP is the first commercial implementation of the scheme. Here is a brief explanation of how it works, as described in a recent blog post on split value cryptographic authentication by Eric Baize, senior director of the EMC Product Security Office:

1. Before the password is stored, a random number generator creates a 256-bit string that is used to scramble the password. The random number is stored in one server (the “red” server) and the transformed password in a separate server (the “blue” server). Neither server contains the “clear text” password, and the information in each server is useless without that in the other.

2. A new random number can be generated at any time and both servers can be updated. This means that even if both servers are compromised the data is useless if there has been an update between the compromises.

3. To verify a password, the password being submitted is scrambled with a new random number; the scrambled password is sent to the “blue” server and the new random number is sent to the “red” server. Each server then executes a new transformation using the stored data to validate the password. If the two answers match, the password is verified without either server seeing it.

The process is effectively transparent to the user, said Damon Hopley, RSA’s senior product manager. “The computing overhead is similar to [Secure Sockets Layer] and other negotiations” commonly used for secure transactions, he said. “It’s a very common sense solution.”

So why is this common sense solution only now coming to market?

“The world has changed a lot in the last two years,” Hopley said. Two years ago customers didn’t believe that compromised servers would be a fact of life. Today they accept them. So RSA brushed off the crypto scheme about 18 months ago to turn it into a product.